Commit Graph

453 Commits

Author SHA1 Message Date
Daniel Barlow
f07a38b0fd extract uimage output module into own file 2024-12-22 21:10:07 +00:00
Daniel Barlow
ac189f2977 outputs.zimage -> outputs.kernel.zImage
remove config option/derivation in favour of accessing
as output of the kernel derivation (matches what we do
with e.g. modulesupport)
2024-12-22 17:27:59 +00:00
Daniel Barlow
f60b74f415 add a new updater output
this is so that we don't have to obfuscate store paths in
systemConfiguration to avoid dragging in build system
deps.

breaking-ish change to workflows, docs updated
2024-12-20 00:05:07 +00:00
Daniel Barlow
56c667cfd5 extract systemConfiguration into its own output module 2024-12-19 20:55:10 +00:00
Daniel Barlow
f9b4f0bc9c move modules/squashfs.nix into outputs/ 2024-12-19 14:33:50 +00:00
Daniel Barlow
ffaca615ba copy logs to /dev/pmsg0 when logging.persistent.enabled 2024-12-18 21:11:58 +00:00
Daniel Barlow
81f5550bf0 config.logging.persistent enables /dev/pmsg0
- whatever's written to /dev/pmsg0 appears as
/sys/fs/pstore/pmsg-ramoops-0 after reboot

- only works on devices with the relevant device tree
support (gl-ar750 and whatever has it by default)

- nothing in the system is actually writing this file yet

- or reading it at boot time, for that matter
2024-12-17 23:24:31 +00:00
Daniel Barlow
b52133a28b add hardware.dts.includes option 2024-12-17 20:36:14 +00:00
Daniel Barlow
44caefcd3b rename config.hardware.dts.includes -> includePaths
(1) it's a better name
(2) I want to use `includes` to specify dtsi files
2024-12-17 17:41:53 +00:00
Daniel Barlow
1f7d6544e3 provide stdout to ppp callback scripts
pppd runs them with 0,1,2 => /dev/null but we actually quite like
seeing errors in the logs
2024-10-17 21:37:08 +01:00
Daniel Barlow
1bca072509 fix chrony pidfile error 2024-10-17 21:35:33 +01:00
Daniel Barlow
7b98724643 turns out we did need usepeerdns 2024-10-17 21:05:16 +01:00
Daniel Barlow
b1625763ee ppp service signal readiness only when ip-up has run
as downstream services need e.g. ifname which is not written by ipv6-up
2024-10-16 22:59:01 +01:00
Daniel Barlow
14bfebc5c3 enable unloading modules so that scripts work
if we can't unload them then the service that loads them will fail
the second time it's run
2024-10-16 22:54:19 +01:00
Daniel Barlow
0447ac0ff9 did we need MODULE_SIG?
I think this may be a hangover from using backports modules for wlan
2024-10-16 22:53:16 +01:00
Daniel Barlow
e35a1514ab send kernel logs to s6 2024-10-16 18:59:42 +01:00
Daniel Barlow
4a0120487c remove usepeerdns - it causes only errors
we handle dns with service outputs anyway
2024-10-16 18:58:34 +01:00
Daniel Barlow
17517dd34f remove KEXEC from base kernel config
we're not using it any more
2024-10-10 18:23:50 +01:00
Daniel Barlow
5112eab4da apply incoming-allowed-ip[46] rules to input as well as forward pkts
this makes it possible to open ports on the router itself
2024-10-10 18:18:23 +01:00
Daniel Barlow
2d7e6188ac log shipping service now gets logs on stdin
instead of having to open the unix socket
2024-10-06 13:26:58 +01:00
Daniel Barlow
493c5f69d7 add module for certifix-client 2024-10-06 11:27:39 +01:00
Daniel Barlow
635590d37a implement log shipping config
to use this, you need config like for example

+  logging.shipping = {
+    enable = true;
+    service = longrun {
+      name = "ship-logs";
+      run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+            in ''
+        PATH=${path}:$PATH
+        s6-ipcserver -1 ${config.logging.shipping.socket} \
+        s6-tcpclient 10.0.2.2 19612 \
+        fdmove -c 1 7 cat
+      '';
+    };
+  };
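Review bot: the example config ships logs over plain TCP (`s6-tcpclient 10.0.2.2 19612`), so everything written to the log socket crosses the network unencrypted and without the sender authenticating the collector; since s6-networking also provides s6-tlsclient, the `logging.shipping` docs could show that variant, or at least state plainly that securing the transport is left to whatever `service` the user supplies. Minor: `s6` appears twice in the `makeBinPath` list.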

but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and a (whatever the user wants)
on the other
2024-09-18 22:14:34 +01:00
Daniel Barlow
707a471bc2 add logtee to catchall logger 2024-09-16 21:30:06 +01:00
Daniel Barlow
e0725489ca unbreak pppoe ci job 2024-09-06 00:33:30 +01:00
Daniel Barlow
091d863710 extract pppoe/l2tp common code 2024-09-04 12:02:00 +01:00
Daniel Barlow
c7bcfbfa34 make pppoe/l2tp more consistent 2024-09-03 22:57:45 +01:00
Daniel Barlow
500a3c1025 make nodefaultroute explicit in ppp 2024-09-03 22:53:13 +01:00
Daniel Barlow
e590c0ad3f secrets subscriber: add provider as dep to controlled service 2024-09-01 09:56:59 +01:00
Daniel Barlow
14abdd9998 tang: notify on ready 2024-08-31 23:24:50 +01:00
Daniel Barlow
e745991b9d restart pppoe/l2tp in secrets changes 2024-08-30 20:49:27 +01:00
Daniel Barlow
defbfce1fb finish converting outputRef to lambda 2024-08-30 20:46:48 +01:00
Daniel Barlow
a8a19977ca (untested) template service for tang encrypted secrets 2024-08-28 22:32:26 +01:00
Daniel Barlow
7351e143c5 remove redundant sourcing of ${serviceFns}
this is done by the oneshot and longrun functions
2024-08-28 21:28:27 +01:00
Daniel Barlow
fe7b092075 (untested) http basic auth for outboard secrets 2024-08-28 20:53:59 +01:00
Daniel Barlow
d5d621f310 rename http-fstree => json-to-fstree
it works for file urls as well, not just http
2024-08-28 16:36:49 +01:00
Daniel Barlow
c7164a6f4a sshd can use outputRef for authorized_keys 2024-08-25 16:35:50 +01:00
Daniel Barlow
99f68e5421 destructure params in ssh service 2024-08-23 23:13:49 +01:00
Daniel Barlow
9c30b6f882 change output references from attrset to lambda
this is so that we can distinguish a ref from a literal parameter that
might be an attrset
2024-08-23 22:25:57 +01:00
Daniel Barlow
869a508c0a add authorizedKeys option to ssh service
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
Daniel Barlow
a6128955e7 ppp modules: permit (mostly) same params for l2tp as pppoe
this also means that l2tp can use secrets for username/password
2024-08-21 23:10:28 +01:00
Daniel Barlow
531cb113be devout needs a longer startup timeout
seems to be taking around 40 seconds now, would be worth digging in to
find out why
2024-08-21 23:09:11 +01:00
Daniel Barlow
2992771c7e pppoe allow secrets for username/password 2024-08-21 00:17:22 +01:00
Daniel Barlow
21f2320d86 inline method 2024-08-20 23:26:11 +01:00
Daniel Barlow
4053ea9481 secrets/subscriber implement different restart types 2024-08-20 22:56:26 +01:00
Daniel Barlow
54d3415885 pppoe convert to using a config file
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
2024-08-20 22:55:30 +01:00
Daniel Barlow
264d83c98d move some secret-watching stuff from hostapd to secrets 2024-08-20 21:49:11 +01:00
Daniel Barlow
97defc2076 hostapd: get secrets service/path from attrs 2024-08-17 22:25:30 +01:00
Daniel Barlow
bcd9d56624 start devout after mdevd
not 100% sure that there's a dependency but it's plausible, and
would explain the observed occasional failure to start at boot
2024-08-15 23:01:29 +01:00
Daniel Barlow
e2c883356c add secrets-subscriber service, make hostapd use it 2024-08-15 23:00:41 +01:00
Daniel Barlow
2f82e0dab8 hostapd set permissions on dir in /run/ 2024-08-14 22:57:02 +01:00